Educause Security Discussion mailing list archives

Re: Mac addresses


From: Peter Charbonneau <Peter.Charbonneau () WILLIAMS EDU>
Date: Tue, 9 Sep 2008 14:02:54 -0400

Thank you for your input

I have found 10 of these machines ...


The ones I found are Dell Optiplex devices that were in "deep sleep"
mode -- deep sleep enough that it took a push of the power button to
wake them up.

My suspicion is that this is some sort of specialized LLDP "WAKE ON
LAN" address that gets coordinated with any/all of the machines in
that network space/container/VLAN so that duplicate addresses are
nonexistent.

So ... a QUICK recap

All machines in this VLAN in this state had a different MAC address.
They all "looked" powered off, but didn't go thru a standard POST
after pressing the power button to wake them up.
All were XP machines.
I could not have used a "sniffer" to capture any useful information.
No hubs, switches, routers connected to the ports in question.
Absolutely no traffic from the one switchport that I mirrored in 60
min time.

Interesting ....  Although, I would have preferred not to deal with
this at the start of the semester.

I have set up a port mirror on one of these switchports to a port with
a sniffer machine; I don't know if I will capture anything useful or
not, but there you go.

p

On Sep 9, 2008, at 9:50 AM, Peter Charbonneau wrote:

I am seeing "sequential" MAC addresses on my network in the form of:

02-00-00-00-00-01
02-00-00-00-00-02
02-00-00-00-00-03
02-00-00-00-00-04
02-00-00-00-00-05
02-00-00-00-00-06
02-00-00-00-00-07
02-00-00-00-00-08
02-00-00-00-00-09
02-00-00-00-00-10
02-00-00-00-00-11
02-00-00-00-00-12
02-00-00-00-00-13
02-00-00-00-00-14
02-00-00-00-00-15
02-00-00-00-00-16
02-00-00-00-00-17
02-00-00-00-00-18
02-00-00-00-00-19
02-00-00-00-00-20

These are only a few ... I have about 100 of them.  They only exist
in my "BlackHole" VLAN -- no connectivity to anything else, no
routers no nothing.

I can't find any documentation on what these MAC addresses are.  I
am guessing that they are some sort of LLDP MAC address, but it
seems weird that I don't get any search engine hits about them.

This is not one machine spewing out multiple bogus addresses, but
many machines .... one to one?  Not sure.

Ideas?


PeteC


Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (office)
(413) 822-2922 (cell)
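
Added example, not part of the original messages: in an address such as 02-00-00-00-00-01 the first octet has bit 0x02 set, which marks it as locally administered rather than vendor-assigned. The Python below decodes that bit for each entry of a MAC table and reports clusters of locally administered addresses that share their first five octets; the table rows, VLAN numbers, port names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a switch MAC table: (vlan, mac, port). Not real data.
SAMPLE_TABLE = [
    (999, "02-00-00-00-00-01", "Gi1/0/1"),
    (999, "02:00:00:00:00:02", "Gi1/0/2"),
    (999, "0200.0000.0009", "Gi1/0/9"),
    (999, "02-00-00-00-00-10", "Gi1/0/10"),
    (10, "00-1A-A0-12-34-56", "Gi1/0/20"),  # constructed universally administered address
    (10, "01-00-5E-00-00-FB", "Gi1/0/21"),  # multicast, not a station address
    (10, "06-AB-CD-EF-00-01", "Gi1/0/22"),  # lone locally administered address
]

def parse_mac(text):
    """Return the 6 address bytes from dash, colon or dotted notation."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(mac):
    """Decode the two flag bits carried in the first octet."""
    if mac[0] & 0x01:          # I/G bit: group (multicast/broadcast) address
        return "multicast"
    return "local" if mac[0] & 0x02 else "universal"   # U/L bit

def find_laa_clusters(table, min_size=3):
    """Group locally administered unicast MACs by (vlan, first five octets).

    Grouping by prefix instead of testing for consecutive integers keeps a
    list that steps from ...-09 to ...-10, as in the message above, together.
    """
    groups = defaultdict(list)
    for vlan, text, port in table:
        mac = parse_mac(text)
        if classify(mac) == "local":
            groups[(vlan, mac[:5].hex("-"))].append((mac[5], port))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}

if __name__ == "__main__":
    for (vlan, prefix), members in find_laa_clusters(SAMPLE_TABLE).items():
        ports = ", ".join(f"{last:02x}@{port}" for last, port in members)
        print(f"VLAN {vlan} prefix {prefix}: {len(members)} hosts -> {ports}")
```
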


